Comments (6)
Solution found by @kenany in popomore/github-labels#3 (comment), confirmed in popomore/github-labels#3 (comment):
github.authorization.getAll
does not seem to trigger the SMS. I guess you'd have to at least attempt an authorization creation.
- Replace
github.authorization.getAll
in authentication test togithub.authentication.create
to ensure an SMS code is sent by GitHub - Add tests with api responses for SMS code
from github-oauth-prompt.
It seems to me that the API request must be a POST
for the SMS to trigger: GET
and DELETE
aren't working.
What this package should really be doing is attempting to create the token with basic auth, then re-attempting with a code after receiving the "Must specify two-factor authentication OTP code" error.
from github-oauth-prompt.
@kenany I've managed to fix this but the code isn't in a release-worthy state. If you need this library to work with your SMS two-factor auth, I'll make a pre-release for you. Otherwise I'll work on writing tests for this and investigating POST
vs GET
further.
It doesn't seem right to me that GET
requests require two-factor authentication but don't trigger an SMS code. I have contacted GitHub support about that.
from github-oauth-prompt.
From GitHub support:
While it's definitely confusing -- the behavior you observed is expected for now. Currently, only a POST request to /authorizations triggers an SMS message with an OTP token if the user has 2FA enabled. Other API calls will not trigger an SMS.
There's a few different reasons behind this, but we already have an open issue to discuss this decision and change the behavior. I can't promise if/when the behavior might be changed, but just wanted to let you know it's on our minds as well.
In the meantime, there's a workaround you could use. First, for making API calls to endpoints which are not in the "Authorizations API" group -- you should use an OAuth token. Second, for making API calls to create an OAuth token (POST /authorizations) you'll receive an SMS message. Finally, for the other endpoints in the "Authorizations API" group -- before making a request to the endpoint you want to call, make a dummy POST call to the /authorizations endpoint. This will trigger an SMS to the user which they can then use to authorize the next call you'll make right after. It's far from elegant, but it should get the job done.
from github-oauth-prompt.
from github-oauth-prompt.
👍
from github-oauth-prompt.
Related Issues (8)
- Fix a bad response that should be good HOT 1
- getExistingToken won't work anymore
- Get 100% code coverage in tests HOT 1
- Add docs for all static methods
- Use Promises to replace "callback hell"
- Notify when existing token is found but the scopes are different
- Display scopes being requested in the same style as GitHub
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from github-oauth-prompt.